UniSentinel module

Internal audit that runs from universe to follow-up

Build your audit universe, plan the year on risk, run engagements with workpapers and reviewer sign-off, and issue findings and reports through a real approval chain — with follow-up tracking that sees every agreed action through.

Risk-based annual plansEngagements & workpapersFindings with follow-upApproval-gated report issuance

Capabilities

Everything an audit function needs, end to end

Built for audit teams that must defend every conclusion — from why an entity was audited to who approved the report.

An audit universe with full coverage

Register every auditable entity in one universe — drawn from the Service Catalog when it's licensed, or kept on a built-in local list when it isn't — so coverage planning starts from the whole picture.

Risk-based annual plans

Build the annual audit plan with risk-based prioritization. When Risk Management is licensed, live risk scores flow straight into the plan — so you audit where the exposure actually is.

Engagements with a real workflow

Every engagement carries its scope, team and schedule, and moves through a defined status workflow — so the whole team knows exactly where fieldwork stands.

Workpapers with review sign-off

Fieldwork documents are stored as workpapers with reviewer sign-off, so every conclusion in the report traces back to reviewed evidence.

Findings that tell the whole story

Each finding records severity plus criteria, condition, cause and effect — then the recommendation, the management response, and an agreed action with a due date.

Report issuance behind approvals

Audit reports are issued through the platform approval engine — named approvers or roles, N-of-M rules, a recorded decision chain — with audit status widgets and reports for ongoing visibility.

Standalone by design

Complete on day one — no other module required

License Internal Audits alone and you still run the complete lifecycle, universe to follow-up. Every integration has a built-in local fallback.

  • Build the audit universe on a built-in local list of auditable entities.
  • Plan the year without live risk scores — prioritization still works on your own professional judgment.
  • Track remediation of findings on a built-in local checklist until Tasks arrives.
  • License Service Catalog later and a guided promotion merges your local universe into the catalog — nothing is retyped, nothing is lost.
Engagement — Access managementFieldwork
Privileged access reviews not performedFND-031High
Emergency changes bypass approvalFND-032Medium
Backup restore tests undocumentedFND-033Medium
Shared-account inventory incompleteFND-034Low
Password policy exceptionsFND-027Closed

How it works

From annual plan to closed finding

  1. 01

    Plan

    Build the audit universe and the annual plan — prioritized by live risk scores when Risk Management is licensed, by your own judgment when it isn't.

  2. 02

    Execute

    Open engagements with scope, team and schedule, run fieldwork on structured checklists, and store workpapers with reviewer sign-off.

  3. 03

    Report

    Record findings with severity, criteria, condition, cause and effect; capture management responses and agreed actions; then issue the report through approvals.

  4. 04

    Follow up

    Track every agreed action to its due date, close findings as the work completes, and feed results to executive dashboards.

Frequently asked questions

Does Internal Audits work without the other modules?

Completely. The audit universe runs on a built-in local list of auditable entities, planning works without live risk scores, and remediation uses a built-in local checklist. When you license Service Catalog later, a guided promotion merges your local universe into the catalog.

How does risk-based planning actually work?

When Risk Management is licensed, the annual plan pulls live risk scores to prioritize which entities get audited. Without it, you still build the same plan over your universe and set priorities yourself.

What does a finding record capture?

Severity plus the full criteria, condition, cause and effect model — then the recommendation, the management response, and an agreed action with a due date. Follow-up tracking stays on it until it's closed.

Who controls when an audit report goes out?

Report issuance is gated through the platform's approval engine: you define who must approve — specific roles or named users, including N-of-M rules — and the decision chain is recorded in the immutable audit trail.

Get started

See UniSentinel running on your terms

Book a 30-minute walkthrough. We'll map your program to the modules you need — cloud, on-prem Linux or Windows Server.

Every module works standalone. License only what you need — grow when you're ready.